As Election Day approaches, county clerks’ offices in 31 states are accepting tens of thousands of electronic absentee ballots from U.S. soldiers and overseas civilians, despite years of warnings from cyber experts that Internet voting is easy prey for hackers. Some of the states made their techno leaps even after word spread of an October 2010 test of an Internet voting product in the nation’s capital, in which a team of University of Michigan computer scientists quickly penetrated the system and directed it to play the school’s fight song. The Michigan team reported that hackers from China and Iran also were on the verge of breaking in. Election watchdogs, distraught over what they fear is a premature plunge into an era of Internet voting, lay most of the blame on an obscure Defense Department unit that beckoned state officials for 20 years, in letters, legislative testimony and at conferences, to consider email voting for more than 1 million troops and civilians living abroad.
The Pentagon’s Federal Voting Assistance Program persisted in its below-the-radar pitch even after Congress refused to endorse any form of Internet-related voting, delegating that responsibility largely to the National Institute of Standards and Technology in 2005. Seven years later, the national institute still says more research is needed.
Congress balked after Deputy Defense Secretary Paul Wolfowitz scrapped a live demonstration planned for the 2004 presidential election because of security concerns.
Election officials from Mississippi to Washington state who’ve embraced email and fax voting say that it’s worth a small risk to protect troops’ voting rights and that hackers also could attack other types of electronic voting widely used at U.S. polling places, such as digital and optical scanners.
But most states have begun requiring verifiable paper trails for those systems, an option that is difficult to incorporate in Internet voting and compromises privacy.
… David Jefferson, a computer scientist at California’s Lawrence Livermore National Laboratory who calls email and fax transmission “by far the most dangerous forms of voting ever implemented in the U.S.,” said that the Pentagon program’s and Carey’s advocacy “have done grave damage to U.S. national security, and it will be very difficult to undo it.”
Jefferson, who doesn’t work on ballot security issues at Lawrence Livermore but has studied them for a decade and serves on the board of the Verified Voting Foundation, an election watchdog group, said that partisan, criminal or foreign hackers could alter emailed or faxed votes in multiple ways.
For example, he said, they could intercept ballots as they hop from server to server and – without detection – transform losers into winners. Or so-called “malware” could sit silently on a voter’s computer until he sends his ballot, which it could instantaneously divert to the malware designer for modification before it reaches election officials.